FP: 1 definitive, 1 maybe

[danburrito]

IObit Security 360

OS:Windows XP

Version:0.2.2.8

Define Version:1095

Time:7/31/2009 11:26:51 AM

|Name|Type|Description|ID|

Trojan.Agent, File, C:\Documents and Settings\Administrator\Desktop\IE PassView v1.15.exe, 9-16549

Trojan.Crypt.XPACK, File, C:\WINDOWS\ServicePackFiles\i386\aspnet_regiis.exe, 12-515

 

First one is a password viewer, 2nd one ought to be definately a FP.

[enoskype]

Hi danburrito,

 

Sorry, but one is definitely not false positive giving the paswords in IE (Also quarantined by McAfee Antivirus Plus), and please check the version of aspnet_regiis.exe, it may possibly be a vulnarability, as MS has changed .NET Framework version seeing vulnarability there.

 

Versions: 1.0.3705.6018 & 1.0.3705.6060 are seen as Trojan.Crypt.XPACK

 

versions: 1.1.4322.2032 & 2.0.50727.3053 are seen CLEAN.

 

Cheers.

[danburrito]

Hi danburrito,

 

Sorry, but one is definitely not false positive giving the paswords in IE (Also quarantined by McAfee Antivirus Plus)

 

 

Given the _potential_ security threat by the password viewer on an unsuspecting users machine, I agree. One more for the ignore list.

 

and please check the version of aspnet_regiis.exe, it may possibly be a vulnarability, as MS has changed .NET Framework version seeing vulnarability there.

 

Versions: 1.0.3705.6018 & 1.0.3705.6060 are seen as Trojan.Crypt.XPACK

 

versions: 1.1.4322.2032 & 2.0.50727.3053 are seen CLEAN.

 

Cheers.

 

Hmm... seems like the .NET SP1 did not get applied correctly last time. Version was indeed 1.0.3705.6060.

 

Thanks, enoskype.